Microsoft Defender report - Stop weak cipher usage report

What does it say in the usage report? If it is related to accounts using weak encryption protocol, you should look for kerberos authentication event id. I had similar on MCAS where users reported using RC4 encryption. There is a setting under ADUC account properties to set to use 128/256 AES encryption. Then it defaults to using AES over RC4.